[Pdns-users] Domainkeys with Mysql backend servfail

Jos van Santen j.vansanten at e2ma.nl
Thu Dec 10 13:07:28 UTC 2009 

Hi Stefan,

The TXT record is inbetween quotation marks.
I found out that it breaks at the semi-colon in the TXT record, it is not a
result of the underscore.

An example TXT record is:

"k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfvgMo245lekN+eHQipbDcEzEzAY
tWg3/OAvp66FLqRnF29yG/rUddTjFhA+KgZ5F3kXqK/ksX3N+oVFh150zZRc9HNxbJNdTeb/m+EK
MpwjiejL9mb8yuJo36QqEsgz5NohU8jBj10vNhkdnsjhLumO/VJQ/LiU78kOvJsT+EEwIDAQAB\;
"

This results in previous mentioned error:
pdns[9888]: Exception: unknown escape sequence 
pdns[9888]: Exception building answer packet (unknown escape sequence)
sending out servfail

Escaping the semicolon and store it in the database as:

"k=rsa\\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfvgMo245lekN+eHQipbDcEzEzA
YtWg3/OAvp66FLqRnF29yG/rUddTjFhA+KgZ5F3kXqK/ksX3N+oVFh150zZRc9HNxbJNdTeb/m+E
KMpwjiejL9mb8yuJo36QqEsgz5NohU8jBj10vNhkdnsjhLumO/VJQ/LiU78kOvJsT+EEwIDAQAB\
\;"

A dig query on the server results:

;; ANSWER SECTION:
mailing._domainkey.xxxx.xxxxx. 86400 IN TXT
"k=rsa\\\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfvgMo245lekN+eHQipbDcEzEz
AYtWg3/OAvp66FLqRnF29yG/rUddTjFhA+KgZ5F3kXqK/ksX3N+oVFh150zZRc9HNxbJNdTeb/m+
EKMpwjiejL9mb8yuJo36QqEsgz5NohU8jBj10vNhkdnsjhLumO/VJQ/LiU78kOvJsT+EEwIDAQAB
\\\;"

This is not the expected result.

Regards
Jos

-----Oorspronkelijk bericht-----
Van: Stefan Schmidt [mailto:zaphodb at zaphods.net] 
Verzonden: donderdag 10 december 2009 13:09
Aan: Jos van Santen
CC: pdns-users at mailman.powerdns.com
Onderwerp: Re: [Pdns-users] Domainkeys with Mysql backend servfail

Jos van Santen wrote:
> Hi
Hello Jos,
>  
> I changed from Bind 9 to Powerdns 2.9.22 with a MySQL 5.0.77 backend 
> but I notice serverfails while trying to retreive the domainkey records.
>  
> dig @server txt mailing._domainkey.teilnahme.xxxxxxx
> doesn't return the right answer.
>  
> In de server logs I do see the error:
>  
> pdns[9888]: Exception: unknown escape sequence
> pdns[9888]: Exception building answer packet (unknown escape sequence) 
> sending out servfail
>  
> PowerDNS monitor show these DNS queries as "Queries that could not be 
> answered due to backend errors"
>  
> How can I solve this problem?
A common mistake is not to wrap TXT records in quotation marks within 
the database. PowerDNS needs this to tell the difference between a 
regular and a multipart TXT record i think.
Also from past conversations on IRCnet #powerdns i vaguely remember that 
the underscore must be escaped by a backslash due to the backends safety 
features, not absolutely sure about that however, it might just has been 
the '.' that needed escaping.
If you find out what exactly needs to be done for Domainkeys please do 
an FAQ entry at http://wiki.powerdns.com/trac/wiki/PowerDNSFaq , the 
topic is quite a regular one afair.

 Stefan

More information about the Pdns-users mailing list